Creating a VPN service (V2 service/K5 client certificate)

This section explains the procedure for creating a VPN service.

1. Execute the following commands to perform the necessary configuration.

   $ SUBNET_ID=<Desired Subnet ID for SSL-VPN Connection>

   $ ROUTER_ID=<Router ID to Be Used for SSL-VPN>

   $ VPN_SERVICE_NAME=<VPN Service Name (Optional)>

   $ ADMIN_STATE_UP=true

   $ AZ=<Availability Zone>

   Warning:

   The parameter definition of the subnet for connecting using an SSL-VPN connection must be specified as follows:

   • cidr

     The mask value for the network address is specified in the range of "16bit - 29bit".

     Example: 192.168.1.0/24

   • gateway_ip

     The IP address of the virtual router specified for the VPN service is specified.

2. Execute the following API.

   $ curl -sS $NETWORK/v2.0/vpn/vpnservices -X POST \
   -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
   -d '{"vpnservice": {"subnet_id": "'$SUBNET_ID'",
    "router_id": "'$ROUTER_ID'", "name": "'$VPN_SERVICE_NAME'",
    "admin_state_up":"'$ADMIN_STATE_UP'", "availability_zone": "'$AZ'" }}' \
   | jq .

   The following response will be returned.

   {
     "vpnservice": {
       "availability_zone": "<Availability Zone>",
       "router_id": "<Router ID for SSL-VPN Connection>",
       "status": "PENDING_CREATE",
       "name": "<VPN Service Name>",
       "admin_state_up": true,
       "subnet_id": "<Subnet ID for SSL-VPN Connection>",
       "tenant_id": "<Project ID for SSL-VPN Connection>",
       "id": "<VPN Service ID>",
       "description": ""
     }
   }

3. Execute the following API to confirm the status of the created VPN service.

   $ curl -sS $NETWORK/v2.0/vpn/vpnservices -X GET \
   -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type:application/json" \
   | jq .

   If the "status" of the created VPN service is "PENDING_CREATE", as shown below, then creation of the SSL-VPN connection is complete.

   {
   "vpnservices": [
       {
         "availability_zone": "<Availability Zone>",
         "router_id": "<Router ID for SSL-VPN Connection>",
         "status": "PENDING_CREATE",
         "name": "<VPN Service Name>",
         "admin_state_up": true,
         "subnet_id": "<Subnet ID for SSL-VPN Connection>",
         "tenant_id": "<Project ID for SSL-VPN Connection>",
         "id": "<VPN Service ID>",
         "description": ""
       }
     ]
   }